Saturday, January 17, 2015

Rewriting Mono's certmgr

While trying to run ASP.NET 5 on Mono, I was using certmgr from the Mono security tools to import some certificates for NuGet. I was dissatisfied with this tool for the following reasons:

  • I was unable to list existing certificates, as you need to supply the store name. You have to specify one of the 5 possible store names (My, AddressBook, CA, Trust, Disallowed). Do I need to say there's NO MENTION of these names in the certmgr documentation? I was unable to find that list anywhere on the web either. The most reliable way is to get it from the code.
  • It crashes almost every time when incorrect parameters are supplied. Not that it's fatal; it's just aesthetically unpleasant for me to see something like
    Unhandled Exception:
    System.IndexOutOfRangeException: Array index is out of range.
      at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0
    [ERROR] FATAL UNHANDLED EXCEPTION: System.IndexOutOfRangeException: Array index is out of range.
      at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00000] in <filename unknown>:0
  • Code is rather sloppy, with suboptimal variable naming, unused variables, etc. My favorite part is extremely strict certificate validation:
    static bool CertificateValidation (SSCX.X509Certificate certificate, int[] certificateErrors)
    {
        // the main reason to download it is that it's not trusted
        return true;
        // OTOH we ask user confirmation before adding certificates into the stores
    }
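
An added example, not code from certmgr or from this post: a callback with the same signature that tolerates only the untrusted-root error and rejects everything else, plus the fingerprint line a confirmation prompt could show. It assumes the int[] carries Windows CERT_E_* HRESULT values; DownloadPolicy, Describe and the sample certificate are hypothetical and constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DownloadPolicy
{
    // Windows CERT_E_* HRESULTs; assumed to be what the int[] argument carries.
    const int CERT_E_EXPIRED       = unchecked((int)0x800B0101);
    const int CERT_E_UNTRUSTEDROOT = unchecked((int)0x800B0109);
    const int CERT_E_CN_NO_MATCH   = unchecked((int)0x800B010F);

    // Tolerate only "untrusted root", the one error importing the certificate
    // is meant to resolve. Expired, name-mismatch and unknown codes are rejected.
    public static bool CertificateValidation(X509Certificate certificate, int[] certificateErrors)
    {
        if (certificate == null) return false;
        return (certificateErrors ?? new int[0]).All(e => e == CERT_E_UNTRUSTEDROOT);
    }

    // Text for the confirmation prompt, so the user can compare the
    // fingerprint against one obtained out of band before storing anything.
    public static string Describe(X509Certificate certificate)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(certificate.GetRawCertData());
            return certificate.Subject + " sha256=" + BitConverter.ToString(digest).Replace("-", "");
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate.
        using (var key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=example.test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

            Console.WriteLine(Describe(cert));
            Console.WriteLine(CertificateValidation(cert, new[] { CERT_E_UNTRUSTEDROOT }));
            Console.WriteLine(CertificateValidation(cert, new[] { CERT_E_UNTRUSTEDROOT, CERT_E_CN_NO_MATCH }));
            Console.WriteLine(CertificateValidation(cert, new[] { CERT_E_EXPIRED }));
        }
    }
}
```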
    
I think that's enough reasons to fork it. Why not send a pull request? First of all, I think it's wrong to bundle the tool with Mono. It's an independent tool, it should be possible to update it without touching the Mono core.

So my plan is as follows:

  • Refactor certmgr to run standalone (done)
  • Set up continuous integration (done)
  • Fix existing bugs (in progress)
  • Write unit/integration tests
  • Make the tool more user-friendly (e.g. display certificates from all stores by default?)
  • Implement some new features?

That's where I could use some input from other people. If you have some ideas or want to contribute code - please open issues/requests on the project's page on GitHub.
